Hi,
we are seeing situations where skb_under_panic is reported with bad
data pointers. A recent example is [1], but we have seen more of the same.
Some random examples:
skb_under_panic: text:0000000039ea4f04 len:272 put:48
head:00000000bdd3f564 data:00000000f70d12b8 tail:0x102 end:0x2c0
dev:wlan0
skb_under_panic: text:0000000063ae0b92 len:822 put:48
head:000000004ae66619 data:0000000082f8ca57 tail:0x328 end:0x6c0
dev:wlan0
skb_under_panic: text:0000000056205094 len:272 put:48
head:000000003aad43d6 data:00000000e8cd088c tail:0x102 end:0x2c0
dev:wlan0
skb_under_panic: text:00000000413c3f8c len:368 put:48
head:00000000ddd1266f data:00000000f13009ae tail:0x162 end:0x2c0
dev:wlan0
skb_under_panic: text:00000000917c4645 len:520 put:48
head:000000007108f7f3 data:000000003d260246 tail:0x1fa end:0x6c0
dev:wlan0
This specific condition happens rarely; we do see lots of 'normal'
skb_under_panic
crashes (with valid head and data pointers) in the same driver.
I would assume that the skbs are corrupted, but then I noticed a similar pattern
in some kernel commit logs.
commit 7901cd97963d:
skb_under_panic: text:00000000ca46ad8a len:80 put:20
head:00000000cd28494e data:000000009366fd6b tail:0x3c end:0xec0
dev:veth0
commit 7901cd97963d:
skb_under_panic: text:000000001d390b3a len:31 put:24
head:00000000d8ed776f data:000000008150e823 tail:0x7 end:0xc0 dev:gre0
Is there some situation where skb->head and possibly skb->data may not be
initialized correctly ?
Thanks,
Guenter
---
[1] https://www.spinics.net/lists/linux-wireless/msg200403.html
